[Git][security-tracker-team/security-tracker][master] Add CVE-2019-9959/poppler

Sat Oct 5 10:15:21 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a29609c by Salvatore Bonaccorso at 2019-10-05T09:14:48Z
Add CVE-2019-9959/poppler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21233,7 +21233,10 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
 CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
-	TODO: check
+	- poppler <unfixed>
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
+	NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0)
+	NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
 CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...)
 	NOT-FOR-US: Quadbase EspressReport ES (ERES)
 CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a29609c73e0cb880a25319320e7525b54f78552

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a29609c73e0cb880a25319320e7525b54f78552
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191005/92123e05/attachment.html>
